I actually hear TEE is opening up for Android. This means wallets can run vitals isolated. There have been isolated keystore services for a while too. They both use a hardware TEE like ARM TrustZone. This is pretty hard to hack. Famous iPhone hackers can't touch the kernel protection that uses it.

I have faith that one day this forum will get threads where people won't just repeat their previous posts or what others have already stated in the same thread. Also that people will stop acting like BTC is toy-money and start holding vendors accountable. Naive? Maybe.

Ledger Trustlets still only run on selected Samsung phones though.

Anything that's not vulnerable to published SMS and signing vulnerabilities has both the keystore, which is in the SDK for any app to use going back to older API versions, and the licensed TEE execution. Google is supposed to implement a non-licensed TEE service very soon and it'll only require updating the ROM on an older device.

This means anything you shouldn't be supporting you won't need to support. You could also just use keystore API which is hardware backed on pretty much everything with Android 4.1+ on it from the factory.

Hardware isolation even if just for keys is well worth the investment though, and will only take about 200 more lines of code.

I may make a fork to experiment with it. I believe Electrum uses Python and some framework for its app.

Trying multisig. So I created Electrum multisig wallets on desktop. I can use desktop Electrum to initiate sending and use the Android Electrum to cosign it, just fine. But it does not seem to work when I initiate sending with Android, then use desktop to cosign. Ideally I have two Android phones, and I want them to cosign one another's tx.

When the Android multisig wallet in Electrum sends coin, it says "Partially signed" with a QR code. I scanned that QR with another Android Electrum on the send tab. It says "wrong UPE" or something. I also scanned that with my desktop Electrum (using load transaction..). It says "unable to parse".

Also, Android Electrum only supports a 6-digit password, which can be brute forced within a blink. Any plans to support characters?

Not when there is a lockout policy. Big passwords typically lead to data-loss and bad practices for people who don't use a hardware key which has a bigger attack surface than short keys stored in their brain. The encrypted data protection itself has nothing to do with a password since no hardware isolation or policy isolation is used.

If I get free time I'll make a Git fork and implement the Android keystore, which uses hardware isolation on most devices. You can also put the encrypted data in a sandbox that is safe everywhere but jailbroken devices.

"wrong UPE": the scanner recognized it as a barcode, not a QR code. Retry, holding your camera well aligned.

"unable to parse": maybe the desktop version is too old?

I think one of the problems is that, in the Android version, the QR gives a "non hex" format of the raw transaction (something like this: AFEA*0JN*-P9O1OY+:GV+.GKECS2R$KZW9$6MU6KPMMJLRI74SCEVS$K$NEASLB0.R.U3KEGJ+1UHYGF-Y-:PEY:ES-0D-$P0TUX1F4D6S5P.....), while in the desktop version the QR data is in hex format.

I'm on 2.6.1 on both desktop and Android.

This "non hex" format is called base43. It should be what both the desktop version and the Android version use.
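
The hex versus base43 mismatch discussed in the posts above, as an added example that is not part of any post in this thread and is not Electrum's own code: a receiver that accepts a scanned payload in either encoding and normalises it to raw bytes before parsing. The 43-character alphabet, the leading-zero convention and all function names are assumptions, not taken from the page.

```python
import string

# Assumed alphabet (not from the page): digits, upper-case letters and the
# symbols $*+-./: , i.e. the QR "alphanumeric" character set minus space and %.
B43_CHARS = "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ$*+-./:"
HEX_CHARS = set(string.hexdigits)

def b43_encode(data: bytes) -> str:
    """Encode bytes as base43; each leading zero byte becomes a leading '0'."""
    n = int.from_bytes(data, "big")
    digits = []
    while n:
        n, rem = divmod(n, 43)
        digits.append(B43_CHARS[rem])
    pad = len(data) - len(data.lstrip(b"\x00"))
    return B43_CHARS[0] * pad + "".join(reversed(digits))

def b43_decode(text: str) -> bytes:
    """Decode base43 text, rejecting any character outside the alphabet."""
    n = 0
    for ch in text:
        idx = B43_CHARS.find(ch)
        if idx < 0:
            raise ValueError(f"not a base43 character: {ch!r}")
        n = n * 43 + idx
    pad = len(text) - len(text.lstrip(B43_CHARS[0]))
    return b"\x00" * pad + n.to_bytes((n.bit_length() + 7) // 8, "big")

def parse_qr_payload(text: str) -> tuple:
    """Return (encoding, raw_bytes) for a scanned transaction payload.

    Hex is tried first. An even-length base43 string made only of 0-9/A-F
    would be read as hex; for transaction-sized payloads that is very unlikely,
    but a strict receiver should tag the encoding explicitly instead.
    """
    text = text.strip()
    if not text:
        raise ValueError("empty payload")
    if len(text) % 2 == 0 and all(c in HEX_CHARS for c in text):
        return "hex", bytes.fromhex(text)
    return "base43", b43_decode(text)

if __name__ == "__main__":
    sample = bytes.fromhex("01000000") + bytes(range(1, 30))  # constructed bytes
    for payload in (sample.hex(), b43_encode(sample)):
        kind, raw = parse_qr_payload(payload)
        print(kind, len(payload), "chars ->", raw == sample)
```

For the same bytes the base43 string is noticeably shorter than the hex string, and a parser that only accepts hex fails on it, which is consistent with the "unable to parse" symptom reported above.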

Note: I pushed a new APK today that stores wallet and config data in the device's internal data storage.